Microsoft is warning users that "limited" attacks were targeting systems running Windows XP and Windows Server 2003, through the exploitation of a flaw in Macrovision's copy protection software that is packaged with those operating systems. The vulnerability, however, does not affect Windows Vista.

The program affected with the flaw is named SafeDisc and the security hole is named secdrv.sys. In an advisory, Secunia said the flaw is due to an error in input validation at the time of handling arguments.

The flaw was reported via a company security advisory on November 5, 2007. According to Microsoft, its team is developing a patch and planning to release it through the company's 'Patch Tuesday' update.

Microsoft said, to launch the attack, a hacker needs access to the local system to manipulate the vulnerability through escalated privileges.

Meanwhile, Macrovision has already released one patch for the flaw.

This year in the middle of October, Symantec discussed the security hole in its Security Response Weblog, but did not disclose too many details that would have benefited miscreants.

The attack, if launched successfully, leads to escalated privileges that could enable the attacker to completely take over the user's computer; but successful exploits don't come easily compared to those with the normal "critical" bug. Secunia, researching company on computer security, has rated this hole as "less critical", the second lowest ranking of its five-stage severity rating rule.

Researcher Elia Florio of Symantec Security Response said on November 7, 2007 that corporate networks are more vulnerable to the attack than home users. SCMagazine reported this on November 7, 2007.

Florio said that the exploit can only work locally meaning the attacker must log onto the PC using a login account. This, therefore, lessens the risks for users of home PCs, because they generally have only one account. In comparison to that, corporate networks, which have multiple users with different login accounts, experience a more complicated situation.

However, it is possible that in a computer with multilayered defense, a malware planted on it via a different exploit could manipulate the secdrv.sys flaw and take further control over the system while bypassing security defenses.